HP CIFS Client A.02.02.03 Administrator's Guide
PAM NTLM Features
• PAM NTLM supports authentication and password management.
• PAM NTLM uses a subset of the Samba smb.conf file as its configuration file. See the PAM
NTLM Post-installation Instructions below for further information.
• PAM NTLM supports username mapping to map a local UNIX user name to a remote CIFS
domain user name to use for authentication. See the PAM NTLM Configuration section for
more detailed information.
• Successful user/password authentications are cached for use by the CIFS client.
• PAM NTLM supports login authentication to CIFS servers using NTLM encrypted passwords.
• PAM NTLM supports updating CIFS user passwords on the Primary Domain Controller (PDC)
using the HP-UX passwd(1) command.
Refer to Chapter 2 for installation steps.
User Map File
PAM NTLM supports a user map file that maps UNIX user names to CIFS domain user names before
authentication by the CIFS server. PAM NTLM will search the user map file for the UNIX user name.
If found, the mapped CIFS domain user name will be used to authenticate the user on the CIFS
server. You must enter the correct password for the mapped NT user in order to be authenticated.
If you configure password(1M) to use PAM NTLM, then the password of the mapped CIFS domain
user will be changed on the CIFS domain.
PAM NTLM Configuration
Configure the following to set up PAM-NTLM:
• The PAM-NTLM module
• The system file /etc/pam.conf to use the PAM-NTLM module
• A usermap file (optional)
Configuring the PAM NTLM Module
The PAM-NTLM configuration file is /etc/opt/cifsclient/pam/smb.conf. A default configuration
file is also provided (smb.conf.default). Do not change the default configuration file because you
may need to refer to it in the future.
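A check an administrator could run after editing this file, added here as an example and not part of HP's guide or software: it parses [global], skipping ; and # comment lines, and reports the three parameters from the Table 11 sample file (workgroup, password server, wins server) when they are unset or still hold the sample's placeholder values. The function names and the treatment of repeated keys (last one wins) are assumptions.

```shell
#!/bin/sh
# Added example, not HP's code: lint a PAM-NTLM smb.conf for [global]
# parameters that are unset or still carry the sample file's placeholders.

# Print "key=value" for each [global] parameter. Lines starting with ';'
# or '#' are comments, as the sample file states. Keys are lowercased and
# inner whitespace collapsed, so "Password  Server" matches "password server".
pam_ntlm_globals() {
    awk '
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            sec = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            next
        }
        sec == "global" && (i = index($0, "=")) > 0 {
            k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
            sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            print k "=" v
        }' "$1"
}

# Return 0 if clean, 1 if a finding was printed, 2 if the file is unreadable.
pam_ntlm_conf_check() {
    pn_conf=$1; pn_rc=0
    [ -r "$pn_conf" ] || { echo "$pn_conf: cannot read" >&2; return 2; }
    pn_globals=$(pam_ntlm_globals "$pn_conf")
    for pn_key in "workgroup" "password server" "wins server"; do
        # Assumption: if a key is repeated, the last occurrence wins.
        pn_val=$(printf '%s\n' "$pn_globals" |
            awk -v k="$pn_key" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                                END { print v }')
        if [ -z "$pn_val" ]; then
            echo "$pn_conf: '$pn_key' is not set in [global]"; pn_rc=1; continue
        fi
        # Placeholders from the sample file. "workgroup" can also be a real
        # workgroup name, so treat that finding as a prompt to confirm.
        case "$pn_key=$pn_val" in
            workgroup=workgroup|*pdc_name*|*bdc[12]_name*|"wins server=winserv.mycorp.com")
                echo "$pn_conf: '$pn_key' still has sample value '$pn_val'"; pn_rc=1 ;;
        esac
    done
    return $pn_rc
}

# Usage: sh check.sh /etc/opt/cifsclient/pam/smb.conf
if [ $# -gt 0 ]; then pam_ntlm_conf_check "$1"; fi
```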
Table 11 Sample File for Configuring PAM NTLM
## Name: smb.conf
## Set the values below to the actual names used in your
## environment
## Any line which starts with a semi-colon(;) or a hash(#)
## is a comment and is ignored.
## ==================== Global Settings ======================
[global]
## workgroup: Domain-Name or Workgroup-Name
workgroup = workgroup
## password server: the netbios name of the system which will be
## used to authenticate logins.
password server = pdc_name bdc1_name bdc2_name
## wins server: the system used to locate password servers,
## specified as a fully-qualified DNS name or an IP address.
wins server = winserv.mycorp.com